Question about signing files PKCS#7

I thought that while signing files, the certificates should contain the private key; but I can sign a file using a certificate with a private key and two more certificates without private key for example; and while verifying it, i can see that both certificates with only public key seems to have signed the file.

In the knowledgebase: "When you sign the data, you need to have the certificates with corresponding private keys"

But during verification stage, How can i know then wich were the certificates that really signed the message (with private key). As we get the certificates contained in the message we have all of them and all seems to have signed the message.

Wich is the RFC and the lines that make it possible to include it to my help?

With TElMessageVerifier class, please use CertIDs[]/CertIDCount properties to get information about certificates that were used for signing. Each signer is identified by Issuer and SerialNumber fields of the corresponding certificate, i.e. you should use these values to find the signing certificate in the storage specified by TElMessageVerifier.Certificates property (please note, that the signing certificate might be absent from the signed message, so your application should be prepared for this situation and handle it correctly).

Quote

Wich is the RFC and the lines that make it possible to include it to my help?

All TElMessageXXX classes are implemented according to PKCS#7 (RFC2315) and CMS (RFC3852) specifications.